package chaoyue.study.checker;

import chaoyue.study.domain.LoginUser;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;

import java.util.List;

/**
 * 自定义权限表达式的解析和处理
 */
@Component("myAuthChecker")
public class MyExpressionRoot {

    public boolean check(String authority) {
        // 获取当前用户的权限
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        LoginUser loginUser = (LoginUser) authentication.getPrincipal();
        List<String> authList = loginUser.getAuthList();
        // 如果当前有root权限 直接全部放行
        if (authList.contains("root")) {
            return true;
        }
        // 判断用户权限集合中是否存在
        return authList.contains(authority);
    }
}
